From Wikipedia, the free encyclopedia
Original author(s)Dries Buytaert
Developer(s)Drupal community
Initial releaseJanuary 15, 2001; 23 years ago (2001-01-15)[1]
Stable release
10.2.5[2] Edit this on Wikidata / 3 April 2024; 17 days ago[±]
RepositoryDrupal Repository
Written inPHP, using Symfony
Operating systemUnix-like, Windows
PlatformWeb platform
Size140 MB (uncompressed Drupal 9.1 core)[3]
TypeContent management framework
Content management system
Blog software
Knowledge management

Drupal (/ˈdrpəl/)[5] is a free and open-source web content management system (CMS) written in PHP and distributed under the GNU General Public License.[4][6][7] Drupal provides an open-source back-end framework for at least 14% of the top 10,000 websites worldwide[8] and 1.2% of the top 10 million websites[9]—ranging from personal blogs to corporate, political, and government sites.[10] Drupal can also be used for knowledge management and for business collaboration.[11]

As of March 2022, the Drupal community had more than 1.39 million members,[12][13][14] including 124,000 users actively contributing,[15] resulting in more than 50,000 free modules that extend and customize Drupal functionality,[16] over 3,000 free themes that change the look and feel of Drupal,[17] and at least 1,400 free distributions that allow users to quickly and easily set up a complex, use-specific Drupal in fewer steps.[18]

The standard release of Drupal, known as Drupal core, contains basic features common to content-management systems. These include user account registration and maintenance, menu management, RSS feeds, taxonomy, page layout customization, and system administration. The Drupal core installation can serve as a simple website, a single- or multi-user blog, an Internet forum, or a community website providing for user-generated content.

Drupal also describes itself as a Web application framework.[19] When compared with notable frameworks, Drupal meets most of the generally accepted feature requirements for such web frameworks.[20][21]

Although Drupal offers a sophisticated API for developers, basic Web-site installation and administration of the framework require no programming skills.[22]

Drupal runs on any computing platform that supports both a web server capable of running PHP and a database to store content and configuration.


Latest major and supported releases
Version Release date
Current stable version: 10.2.5 3 April 2024[2]
Older version, yet still maintained: 10.1.8 17 January 2024[23]
Older version, yet still maintained: 7.100 6 March 2024[24]
Old version, no longer maintained: 9.5.11 September 20, 2023[3]
Old version, no longer maintained: 8.9.20 December 17, 2021 [25]
Old version, no longer maintained: 6.38 February 24, 2016[26]
Old version, no longer maintained: 5.23 August 11, 2010[27]
Old version, no longer maintained: 4.7.11 January 10, 2008[28]
Old version
Older version, still maintained
Latest version
Latest preview version
Future release
Old version
Older version, still maintained
Latest version
Latest preview version
Future release

Drupal was originally written by Dries Buytaert as a message board for his friends to communicate in their dorms while working on his Master's degree at the University of Antwerp.[29][30] After graduation, Buytaert moved the site to the public internet and named it Drop.org.[29] Between 2003 and 2008 Dries Buytaert worked towards a PhD degree at Ghent University.[31]

The name Drupal represents an English rendering of the Dutch word druppel, which means "drop" (as in a water droplet).[32] The name came from the now-defunct Drop.org, whose code slowly evolved into Drupal. Buytaert wanted to call the site "dorp" (Dutch for "village") for its community aspects, but mistyped it when checking the domain name and thought the error sounded better.[33]

Drupal became an open source project in 2001.[33] Interest in Drupal got a significant boost in 2003 when it helped build "DeanSpace" for Howard Dean, one of the candidates in the U.S. Democratic Party's primary campaign for the 2004 U.S. presidential election. DeanSpace used open-source sharing of Drupal to support a decentralized network of approximately 50 disparate, unofficial pro-Dean websites that allowed users to communicate directly with one another as well as with the campaign.[34] After Dean ended his campaign, members of his Web team continued to pursue their interest in developing a Web platform that could aid political activism by launching CivicSpace Labs in July 2004, "...the first company with full-time employees that was developing and distributing Drupal technology."[35] Other companies began to also specialize in Drupal development.[36][37]

By 2013, the Drupal website listed hundreds of vendors that offered Drupal-related services.[38]

As of 2014, Drupal is developed by a community.[39][needs update] From July 2007 to June 2008, the Drupal.org site provided more than 1.4 million downloads of Drupal software, an increase of approximately 125% from the previous year.[40][41]

As of January 2017 more than 1,180,000 sites use Drupal.[42] These include hundreds of well-known organizations,[43] including corporations, media and publishing companies, governments, non-profits,[44] schools, and individuals. Drupal has won several Packt Open Source CMS Awards[45] and won the Webware 100 [clarification needed] three times in a row.[46][47]

Drupal 6 was released on February 13, 2008,[48] on March 5, 2009, Buytaert announced a code freeze for Drupal 7 for September 1, 2009.[49] Drupal 7 was released on January 5, 2011, with release parties in several countries.[50] After that, maintenance on Drupal 5 stopped, with only Drupal 7 and Drupal 6 maintained.[51]

Drupal 7's end-of-life was scheduled for November 2021, but given the impact of COVID-19, and the continuing wide usage, the end of life has been pushed back until November 1, 2023, to be reviewed annually.[52] Drupal 7 end-of-life has been extended once more as of June 2023. It is now set for January 5, 2025. This is expected to be the final extension for Drupal 7.[53]

On October 7, 2015, Drupal 8 first release candidate (rc1) was announced.[54] Drupal 8 includes new features and improvements for both users and developers, including: a revamped user interface; WYSIWYG and in-place editing; improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; and improved multilingual support. Drupal 8 rc1 is the collective work of over 3,200 core contributors.[54] Drupal 8 only allows clients to use local images and utilizes only filtered HTML designs.[55] Drupal 8 was end-of-life on November 30, 2021.[56]

Drupal 9 was released on June 3, 2020.[57] Drupal 9 was end-of-life on November 1, 2023.[58]

In October 2022, Drupal released an open source headless CMS accelerator, allowing the front end to be managed outside of the core system.[59][60]

In December 2022, the community released Drupal 10.0.[61] Major things you should know about the latest drupal release as mentioned in the article here.


In the Drupal community, "core" refers to the collaboratively built codebase that can be extended through contributory modules and—for versions prior to Drupal 8—is kept outside of the "sites" folder of a Drupal installation.[62] (Starting with version 8, the core is kept in its own 'core' sub-directory.) Drupal core is the stock element of Drupal. Common Drupal-specific libraries, as well as the bootstrap process, are defined as Drupal core; all other functionality is defined as Drupal modules including the system module itself.

In a Drupal website's default configuration, authors can contribute content as either registered or anonymous users (at the discretion of the administrator). This content is accessible to web visitors through a variety of selectable criteria. As of Drupal 8, Drupal has adopted some Symfony libraries into Drupal core.

Core modules also include a hierarchical taxonomy system, which lets developers categorize content or tag with keywords for easier access.[22]

Drupal maintains a detailed changelog of core feature updates by version.[63]

Core modules[edit]

Drupal core includes modules that can be enabled by the administrator to extend the functionality of the core website.[64][65]

The core Drupal distribution provides a number of features, including:[64]

  • Access statistics and logging
  • Advanced search
  • Books, comments, and forums
  • Caching, lazy-loading content (using BigPipe) and feature throttling for improved performance
  • Custom content type and fields, and user interface to create, manage, and display lists of content.
  • Descriptive URLs
  • Multi-level menu system
  • Multi-site support[66]
  • Multi-user content creation and editing
  • RSS feed and feed aggregator
  • Security and new release update notification
  • User profiles
  • Various access control restrictions (user roles, IP addresses, email)
  • Workflow tools (triggers and actions)

Core themes[edit]

Drupal includes core themes, which customize the "look and feel" of Drupal sites,[67] for example, Garland and Bartik.

The Color Module, introduced in Drupal core 5.0, allows administrators to change the color scheme of certain themes via a browser interface.[68]


As of September 2022, Drupal is available in 100 languages including English (the default).[69][55] Support is included for right-to-left languages such as Arabic, Persian, and Hebrew.[70]

Drupal localization is built on top of gettext, the GNU internationalization and localization (i18n) library.

Auto-update notification[edit]

Drupal can automatically notify the administrator about new versions of modules, themes, or the Drupal core.[70] It's important to update quickly after security updates are released.

Before updating it is highly recommended to take backup of core, modules, theme, files and database. If there is any error shown after update or if the new update is not compatible with a module, then it can be quickly replaced by a backup. There are several backup modules available in Drupal.

On 15 October 2014, an SQL injection vulnerability was announced and update was released.[71] Two weeks later the Drupal security team released an advisory explaining that everyone should act under the assumption that any site not updated within 7 hours of the announcement was compromised by automated attacks.[72] Thus, it can be extremely important to apply these updates quickly and usage of a tool like drush to make this process easier is highly recommended.

Database abstraction[edit]

Prior to version 7, Drupal had functions that performed tasks related to databases, such as SQL query cleansing, multi-site table name prefixing, and generating proper SQL queries. In particular, Drupal 6 introduced an abstraction layer that allowed programmers to create SQL queries without writing SQL.

Drupal 9 extends the data abstraction layer so that a programmer no longer needs to write SQL queries as text strings. It uses PHP Data Objects to abstract the database. Microsoft has written a database driver for their SQL Server. Drupal 7 supports the file-based SQLite database engine, which is part of the standard PHP distribution.

Windows development[edit]

With Drupal 9's new database abstraction layer, and ability to run on the Windows web server IIS, it is now easier for Windows developers to participate in the Drupal community.

A group on Drupal.org is dedicated to Windows issues.[73]


Since the release of Drupal 7, Web accessibility has been constantly improving in the Drupal community.[74] Drupal is a good framework for building sites accessible to people with disabilities, because many of the best practices have been incorporated into Drupal Core.

Drupal 8 saw many improvements from the Authoring Tool Accessibility Guidelines (ATAG) 2.0 guidelines which support both an accessible authoring environment as well as support for authors to produce more accessible content.

The accessibility team is carrying on the work of identifying and resolving accessibility barriers and raising awareness within the community.

Drupal 8 has good semantic support for rich web applications through WAI-ARIA. There have been many improvements to both the visitor and administrator sides of Drupal, especially:

  • Drag and drop functionality
  • Improved color contrast and intensity
  • Adding skip navigation to core themes
  • Adding labels by default for input forms
  • Fixing CSS display:none with consistent methods for hiding and exposing text on focus
  • Adding support for ARIA Live Regions with Drupal.announce
  • Adding a TabbingManager to support better keyboard navigation[75]

The community also added an accessibility gate for core issues in Drupal 8.[76]

Extending the core[edit]

Drupal core is modular, defining a system of hooks and callbacks, which are accessed internally via an API.[77] This design allows third-party contributed modules and themes to extend or override Drupal's default behaviors without changing Drupal core's code.

Drupal isolates core files from contributed modules and themes. This increases flexibility and security and allows administrators to cleanly upgrade to new releases without overwriting their site's customizations.[78] The Drupal community has the saying, "Never hack core," a strong recommendation that site developers do not change core files.[62]


Contributed modules offer such additional or alternate features as image galleries, custom content types and content listings, WYSIWYG editors, private messaging, third-party integration tools,[79] integrating with BPM portals,[80] and more. As of December 2019 the Drupal website lists more than 44,000 free modules.[16]

Some of the most commonly used contributed modules include:[81]

  • Content Construction Kit (CCK): allows site administrators to dynamically create content types by extending the database schema. "Content type" describes the kind of information. Content types include, but are not limited to, events, invitations, reviews, articles, and products. The CCK Fields API is in Drupal core in Drupal 7.[82][83]
  • Views: facilitates the retrieval and presentation, through a database abstraction system, of content to site visitors. Basic views functionality has been added to core of Drupal 8.[84]
  • Panels: drag and drop layout manager that allows site administrators to visually design their site.
  • Rules: conditionally executed actions based on recurring events.
  • Features: enables the capture and management of features (entities, views, fields, configuration, etc.) into custom modules.
  • Context: allows the definition of sections of site where Drupal features can be conditionally activated
  • Media: makes photo uploading and media management easier
  • Services: provides an API for Drupal.


As of December 2019, there are more than 2,800 free community-contributed themes.[17] Themes adapt or replace a Drupal site's default look and feel.

Drupal themes use standardized formats that may be generated by common third-party theme design engines. Many are written in the PHPTemplate engine[85] or, to a lesser extent, the XTemplate engine.[86] Some templates use hard-coded PHP. Drupal 8 and future versions of Drupal integrate the Twig templating engine.[87]

The inclusion of the PHPTemplate and XTemplate engines in Drupal addressed user concerns about flexibility and complexity.[88] The Drupal theming system utilizes a template engine to further separate HTML/CSS from PHP. A popular Drupal contributed module called 'Devel' provides GUI information to developers and themers about the page build.

Community-contributed themes on the Drupal website are released under a free GPL license.[89][90]


In the past, those wanting a fully customized installation of Drupal had to download a pre-tailored version separately from the official Drupal core. Today, however, a distribution defines a packaged version of Drupal that upon installation, provides a website or application built for a specific purpose.

The distributions offer the benefit of a new Drupal site without having to manually seek out and install third-party contributed modules or adjust configuration settings.[91] They are collections of modules, themes, and associated configuration settings that prepare Drupal for custom operation. For example, a distribution could configure Drupal as a "brochure" site rather than a news site or online store.


Drupal is based on the Presentation Abstraction Control architecture, or PAC.

The menu system acts as the Controller. It accepts input via a single source (HTTP GET and POST), routes requests to the appropriate helper functions, pulls data out of the Abstraction (nodes and, from Drupal 5 onwards, forms), and then pushes it through a filter to get a Presentation of it (the theme system).

It even has multiple, parallel PAC agents in the form of blocks that push data out to a common canvas (page.tpl.php).[92]


Drupal.org has a large community of users and developers who provide active community support by coming up with new updates to help improve the functionality of Drupal.[93] As of January 2017 more than 105,400 users are actively contributing.[15] The semiannual DrupalCon conference alternates between North America, Europe and Asia.[94] Attendance at DrupalCon grew from 500 at Szeged in August 2008, to over 3,700 people at Austin, Texas in June, 2014.

Smaller events, known as "Drupal Camps" or DrupalCamp, occur throughout the year all over the world.[95] The annual Florida DrupalCamp brings users together for Coding for a Cause that benefits a local nonprofit organization, as does the annual GLADCamp (Greater Los Angeles Drupal Camp) event, Coders with a Cause.

The Drupal community also organizes professional and semi-professional gatherings called meetups at a large number of venues around the world.

There are over 30 national communities[96] around drupal.org offering language-specific support.


Notable Drupal users include:


Drupal's policy is to announce the nature of each security vulnerability once the fix is released.[104][105]

Administrators of Drupal sites can be automatically notified of these new releases via the Update Status module (Drupal 6) or via the Update Manager (Drupal 7).[106]

Drupal maintains a security announcement mailing list, a history of all security advisories, a security team home page, and an RSS feed with the most recent security advisories.[107][108][109]

In mid-October 2014, Drupal issued a "highly critical" security advisory regarding an SQL injection bug in Drupal 7, also known as Drupageddon.[110][111][112] Downloading and installing an upgrade to Drupal 7.32 fixes the vulnerability, but does not remove any backdoor installed by hackers if the site has already been compromised.[113] Attacks began soon after the vulnerability was announced. According to the Drupal security team, where a site was not patched within hours of the announcement, it should be considered compromised and taken offline by being replaced with a static HTML page while the administrator of its server must be told that other sites on the same server may also have been compromised. To solve the problem, the site must be restored using backups from before October 15, be patched and manually updated, and anything merged from the site must be audited.[114]

In late March 2018, a patch for vulnerability CVE-2018-7600, also dubbed Drupalgeddon2, was released. The underlying bug allows remote attackers without special roles or permissions to take complete control of Drupal 6, 7, and 8 sites.[115][116] Drupal 6 reached end-of-life on February 24, 2016, and does not get official security updates (extended support is available from two paid Long Term Services Vendors).[117] Starting early April, large scale automated attacks against vulnerable sites were observed, and on April 20, a high level of penetration of unpatched sites was reported.[118]

On 23 December 2019, Drupal patched an arbitrary file upload flaw. The file-upload flaw affects Drupal 8.8.x before 8.8.1 and 8.7.x before 8.7.11, and the vulnerability is listed as moderately critical by Drupal.[119][120]

In September 2022, Drupal announced two security advisories for a severe vulnerability in Twig for users of Drupal 9.3 and 9.4.[121] That week, Drupal also announced a patch for the S3 File System to fix an access bypass issue.[87]

In January 2023, Drupal announced software updates to resolve four vulnerabilities in Drupal core and three plugins.[122]

Headless Future[edit]

Drupal's future direction is increasingly embracing a headless CMS architecture, transforming the landscape of content management systems. This approach decouples the frontend (presentation and publishing) from the backend (content), allowing for greater flexibility and innovation in content delivery. Notably, Drupal, a long-time competitor to WordPress, has invested significantly in this headless approach. Drupal creator Dries Buytaert has discussed Acquia's new open-source headless starter kit, which is integral to the Drupal-based Acquia CMS. This kit enables organizations to deliver content beyond traditional web browsers, catering to a range of digital mediums like digital signage, wearable devices, chatbots, mobile applications, and kiosks.[123]

See also[edit]


  1. ^ "CHANGELOG.txt". Drupal.org. Retrieved 8 June 2020.
  2. ^ a b "drupal 10.2.5". 3 April 2024.
  3. ^ a b "Drupal 9 releases; drupal.org". Retrieved 2023-09-21.
  4. ^ a b "Licensing FAQ". drupal.org. Retrieved 2009-04-08.
  5. ^ A query on Drupal's official website in March 2009: How does one pronounce "Drupal"? (accessed 19 June 2013)
  6. ^ "The Drupal Overview". drupal.org. 2 June 2008. Retrieved 2009-04-08.
  7. ^ "System Requirements". drupal.org. Retrieved 2009-04-08.
  8. ^ "Open Source Usage Distribution in the Top 10k Sites". BuiltWith Pty Ltd. 2022-01-02. Archived from the original on 2022-01-08. Retrieved 2022-01-07.
  9. ^ W3Techs (2022-06-13). "Usage Statistics and Market Share of Content Management Systems". W3Techs. Retrieved 2022-06-13.{{cite web}}: CS1 maint: numeric names: authors list (link)
  10. ^ "The State of Drupal 2010 speech". 2001-03-10. Retrieved 2011-08-31.
  11. ^ "Knowledge management with Drupal". 19 May 2004.
  12. ^ "Drupal launches newest version of the CMS already powering top organizations around the world". Drupal.org. Drupal Association. 2020-06-03. Archived from the original on 2021-03-10. Retrieved 2021-03-10.
  13. ^ "Getting Involved | Drupal.org". www.drupal.org. 2019-12-21. Archived from the original on 2019-12-22. Retrieved 2018-09-21. Drupal.org Activity
  14. ^ "1 Million Users on Drupal.org!". www.drupal.org. 2013-10-11.
  15. ^ a b "Drupal for Developers | Drupal.org". www.drupal.org. 2022-03-18. Archived from the original on 2022-03-18. Retrieved 2017-04-21.
  16. ^ a b "Module project | Drupal.org". www.drupal.org. 2022-03-18. Archived from the original on 2023-06-23. Retrieved 2023-06-23.
  17. ^ a b "Theme project | Drupal.org". www.drupal.org. 2022-03-18. Archived from the original on 2022-03-18. Retrieved 2017-09-21.
  18. ^ "Distribution project | Drupal.org". www.drupal.org. 2022-03-18. Archived from the original on 2022-03-18. Retrieved 2017-09-21.
  19. ^ "Drupal 7 as an enterprise web application framework". drupal.org.
  20. ^ O'Connor, William (2014-08-19). "The Drupal API turns a CMS into a true enterprise application - O'Reilly Radar". O'Reilly Media. Retrieved 2017-04-11.
  21. ^ Diana, Dupuis (2013-05-15). "Drupal Is a Framework: Why Everyone Needs to Understand This". Linux Journal.
  22. ^ a b "Features". drupal.org. Retrieved 2009-04-08.
  23. ^ "drupal 10.1.8". Retrieved 18 January 2024.
  24. ^ "drupal 7.100". 6 March 2024.
  25. ^ "Drupal 8 releases; drupal.org". Retrieved 2022-12-18.
  26. ^ "Drupal 6 releases; drupal.org". Retrieved 2022-07-01.
  27. ^ "Drupal 5 releases; drupal.org". Retrieved 2022-07-01.
  28. ^ "Drupal 4 releases; drupal.org". Retrieved 2022-07-01.
  29. ^ a b Miller, Ron (2021-01-22). "Drupal's journey from dorm-room project to billion-dollar exit". TechCrunch. Retrieved 2022-09-20.
  30. ^ Ruthven, Hunter (2012-04-17). "Dorm room to boardroom - Dries Buytaert on growing Drupal". Growth Business. Retrieved 2022-09-20.
  31. ^ Buytaert, Dries (2008-01-24). Profiling techniques for performance analysis and optimization of Java applications (PhD).
  32. ^ "Druppel: Dutch to English Translation". Babylon Translation. Archived from the original on 2009-04-13. Retrieved 2009-04-08.
  33. ^ a b "History". drupal.org. Retrieved 2009-04-08.
  34. ^ Benjamin Melançon; et al. (2011). The Definitive Guide to Drupal 7 (2nd ed.). Apress. p. 823. ISBN 9781430231356.
  35. ^ Critchley, Spencer (2006-05-03). "Digital Politics: An Interview With CivicSpace Founder Zack Rosen". O'Reilly Media. Archived from the original on 2006-05-17. Retrieved 2012-05-27.
  36. ^ Kreiss, Daniel (2012-03-05). "Dean, Romney, and Drupal: Values and Technological Adoption". Culture Digitally. Retrieved 2012-05-27.
  37. ^ Samantha M. Shapiro, "The Dean Connection", The New York Times December 7, 2003, accessed May 27, 2012.
  38. ^ "Marketplace". drupal.org. Retrieved 2013-04-18.
  39. ^ Koenig, Josh. "Growth Graphs". Groups.Drupal. Retrieved 2009-04-08.
  40. ^ Buytaert, Dries (2008). "Drupal Download Statistics". Retrieved 2009-04-08.
  41. ^ Buytaert, Dries (2007). "Drupal Download Statistics". Retrieved 2009-04-08.
  42. ^ "Usage statistics for Drupal core".
  43. ^ "Drupal Sites". Dries Buytaert. Retrieved 2010-07-20.
  44. ^ "List of Nonprofit, NPO, NGO Websites Using Drupal". ENGINE Industries. Archived from the original on 2009-12-24. Retrieved 2010-07-20.
  45. ^ "OSS CMS Award Previous Winners". Packt Publishing. Archived from the original on 2009-07-07. Retrieved 2009-04-08.
  46. ^ "Drupal is a Webware 100 winner for the third year in a row". Drupal.org. Retrieved 2011-08-31.
  47. ^ "Cnet.com". News.cnet.com. 2009-05-19. Archived from the original on July 10, 2012. Retrieved 2011-08-31.
  48. ^ "Drupal 6.0 released | Drupal.org".
  49. ^ "Buytaert.net". Buytaert.net. 4 March 2009. Retrieved 2011-08-31.
  50. ^ "Drupal 7 to be released on January 5 (with one ginormous party)". Buytaert.net. 21 December 2010. Retrieved 2011-08-31.
  51. ^ "Xplain Hosting Drupal 7 Quickstart training seminar". Scoop. 2010-12-16.
  52. ^ "Drupal 7's End-of-Life extended to November 1, 2023 - PSA-2022-02-23". Retrieved 2022-03-29.
  53. ^ "End of life announcement and changes to Drupal 7 support - PSA-2023-06-07". Drupal.org. 2023-06-07. Retrieved 2024-01-10.
  54. ^ a b "Drupal 8.0.0-rc1 announcement". drupal.org.
  55. ^ a b Nick, Edward (2022-09-07). "Drupal". Data Science Central. Retrieved 2022-09-20.
  56. ^ "Drupal 8 is now end-of-life - PSA-2021-11-30". Drupal.org. 2021-11-30. Retrieved 2024-01-10.
  57. ^ "Drupal 9 Launches! | Drupalize.Me". drupalize.me. Retrieved 2024-01-10.
  58. ^ "Drupal 9 is end of life - PSA-2023-11-01". Drupal.org. 2023-11-01. Retrieved 2024-01-10.
  59. ^ Fluckinger, Don (2022-10-26). "Acquia releases open source headless CMS accelerator". TechTarget. Retrieved 2022-11-10.
  60. ^ MacManus, Richard (2022-10-26). "How Drupal Fits Into an Increasingly Headless CMS World". The New Stack. Retrieved 2022-11-10.
  61. ^ Kerner, Sean Michael (2022-12-19). "Drupal cranks open-source CMS tech to 10 as the need for modular digital experiences grows". VentureBeat. Retrieved 2023-01-07.
  62. ^ a b "Never hack core". drupal.org.
  63. ^ "Drupal 7.39 released". drupal.org. Retrieved 2015-09-19.
  64. ^ a b "Documentation: Core modules and themes". drupal.org. Retrieved 2021-01-22.
  65. ^ "Documentation: Core Modules and eCommerce". lnwebworks.com.
  66. ^ "Documentation: Multisite Drupal".
  67. ^ Buytaert, Dries (2006-10-30). "Garland, the new default core theme". drupal.org. Retrieved 2009-04-08.
  68. ^ "Color: Allows the user to change the color scheme of certain themes". drupal.org. Retrieved 2009-04-08.
  69. ^ "Drupal core translation downloads". drupal.org. Retrieved 2017-01-30.
  70. ^ a b "Drupal 6.0 released". drupal.org. Retrieved 2009-04-08.
  71. ^ "SA-CORE-2014-005 - Drupal core - SQL injection". Https. Retrieved December 3, 2014.
  72. ^ "Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003". Https. Retrieved December 3, 2014.
  73. ^ "Drupal on Windows Group". drupal.org. Retrieved 2011-02-14.
  74. ^ Killesreiter, Gerhard (2013-02-25). "Accessibility statement". drupal.org. Retrieved 2013-04-16.
  75. ^ "Drupal 8 Accessibility Features".
  76. ^ Scholten, Roy (2012-12-10). "Drupal core gates". drupal.org. Retrieved 2013-04-16.
  77. ^ "API Reference". drupal.org. Retrieved 2009-04-08.
  78. ^ "File and directory management". drupal.org.
  79. ^ "Integrating Drupal with External Systems". specbee.com. 2018-08-24. Retrieved 2018-08-24.
  80. ^ "Drupal Camunda BPM Integration". Srijan Technologies.
  81. ^ "Project usage overview". Drupal.org. Retrieved 2011-08-18.
  82. ^ "DRUPAL 5 TO DRUPAL 7". Archived from the original on 2017-07-04. Retrieved 2015-03-24.
  83. ^ "Field API". 2009. Retrieved 2009-05-08.
  84. ^ "Views in Drupal Core initiative: Status report and roadmap". Retrieved 2014-11-04.
  85. ^ "PHPTemplate theme engine". drupal.org. Archived from the original on 2009-03-08. Retrieved 2009-04-08.
  86. ^ "XTemplate theme engine". drupal.org. Archived from the original on 2009-03-16. Retrieved 2009-04-08.
  87. ^ a b Arghire, Ionut (2022-09-29). "Drupal Updates Patch Vulnerability in Twig Template Engine | SecurityWeek.Com". www.securityweek.com. Retrieved 2022-10-11.
  88. ^ "How does Drupal compare to Mambo? discussion thread". drupal.org. 2005-01-17. Retrieved 2009-04-08.
  89. ^ "Drupal themes". Drupal.org. Archived from the original on 2007-08-23. Retrieved 2011-08-31.
  90. ^ "Adding your theme to Drupal.org". Drupal.org.
  91. ^ "Top Drupal Distributions". AGLOBALWAY Consulting Services Inc. Archived from the original on 2014-04-13.
  92. ^ "MVC vs. PAC".
  93. ^ Drupal - CMS Grew Overnight By MAAN Softwares, Retrieved, June 8th, 2017
  94. ^ "drupal.org discussion on DrupalCon event management". Groups.drupal.org. Retrieved 2011-08-31.
  95. ^ "Drupal Camps and Cons". Retrieved 25 January 2013.
  96. ^ "Language specific communities". Drupal.org. 2011-08-26. Retrieved 2011-08-31.
  97. ^ Fluckinger, Don (2021-03-10). "Acquia digital experience platform adds CX-friendly tools". TechTarget. Retrieved 2022-12-06.
  98. ^ Spencer, Jamie (7 April 2017). "CMS Battle for Beginners: WordPress vs Joomla vs Drupal (Infographic)". MakeAWebsiteHub.com. Retrieved 17 May 2017.
  99. ^ Caron, Bruce (20 May 2015). "NASA Science on Drupal Central". earthdata.nasa.gov. Retrieved 2022-10-05.
  100. ^ a b Blyaert, Luc (2022-10-18). "Tobania trekt CM binnen met Dries Buytaert". www.computable.be (in Dutch). Retrieved 2022-10-18.
  101. ^ a b Kaur Dadiala, Karanjeet (2022-08-08). "16 Organization Websites Built Using Drupal in 2022". Zyxware Technologies. Retrieved 2022-10-09.
  102. ^ "Who Uses Drupal? 10 Famous Drupal Websites | Smartbees". smartbees.co. 2021-05-27. Retrieved 2022-10-05.
  103. ^ a b c d e f Montti, Roger (2022-04-22). "Drupal Warns of Two Critical Vulnerabilities". Search Engine Journal. Retrieved 2022-10-23.
  104. ^ Drupal. "Security announcement and release process".
  105. ^ Drupal. "How to report a security issue".
  106. ^ "Update manager (and Update status)". drupal.org. Retrieved 2011-07-01.
  107. ^ "Security advisories". drupal.org. Retrieved 2009-04-28.
  108. ^ "Drupal security team". Drupal.org. Retrieved 2011-08-31.
  109. ^ "Drupal Security RSS feed". Drupal.org. Retrieved 2011-08-31.
  110. ^ Leyden, John (2014-11-03). "Drupal megaflaw raises questions over CMS bods' crisis mgmt". www.theregister.com.
  111. ^ "SA-CORE-2014-005 - Drupal core - SQL injection". Security advisories. Drupal security team.
  112. ^ "Drupalgeddon strikes back: outdated Drupal allegedly linked to "Panama Papers"". Blog. Drop Guard. Archived from the original on 2016-06-11. Retrieved 2016-07-13.
  113. ^ "Drupal Core—Highly Critical—Public Service Announcement—PSA-2014-003". Security advisories. Drupal security team. October 29, 2014 – via Drupal.org.

    You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

    Simply updating to Drupal 7.32 will not remove backdoors....updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn't do it, that can be a symptom that the site was compromised - some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

  114. ^ Robinson, Brian (2014-11-07). "Attacks on open source call for better software design -". GCN. Archived from the original on 2016-08-18. Retrieved 2016-07-29.
  115. ^ "How we installed a Drupal security patch on 1300 sites, stress-free!". Dropsolid. Retrieved 2019-03-11.
  116. ^ "FAQ about SA-CORE-2018-002". Drupal Security Team. Retrieved 23 April 2018.
  117. ^ "Drupal 6 end-of-life announcement". Drupal.org. 2015-11-09. Retrieved 2021-05-01.
  118. ^ Goddin, Dan (20 April 2018). ""Drupalgeddon2" touches off arms race to mass-exploit powerful Web servers". Ars Technica. Retrieved 23 April 2018.
  119. ^ "Drupal Patches Arbitrary File Upload Flaw". Decipher. 23 December 2019. Retrieved 2019-12-23.
  120. ^ "Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009". Drupal.org. 2019-12-18. Retrieved 2019-12-23.
  121. ^ Montti, Roger (2022-10-01). "Drupal Warns of Critical High Severity Vulnerability". Search Engine Journal. Retrieved 2022-10-11.
  122. ^ Arghire, Ionut (2023-01-20). "Drupal Patches Vulnerabilities Leading to Information Disclosure". www.securityweek.com. Retrieved 2023-01-20.
  123. ^ Adriana Alarcón. "Why Drupal as a Headless CMS is the Future of Content Management". Octahedroid. Retrieved December 6, 2023.

Further reading[edit]

External links[edit]